These comments show how dire the situation is—to the point that Firefox might disqualify itself as a serious browser candidate:

There are many users who have been very hard hit. One commenter mentions how his password manager* with (IIRC) roughly 150 passwords has been disabled, which might be even worse than the NoScript issue. It is easy to imagine a user being cut off from email, blogging, social media, …, through such an issue. Worse: If this happens in a commercial setting, an entire business could be temporarily crippled.

*However, I would advise against using an in-browser password manager (at least, where important passwords are concerned). This for reasons like the above, the greater risk of hacking, problems that can ensue when switching computers or trying to run several browsers in parallel, whatnot.

The attempts by Mozilla to fix the issue appear to be slow and have not been met with enthusiasm.

This work-around has the side-effect of allowing Mozilla to run various spy-on-the-user functionality that many users have disabled for very good reasons—and that more-or-less everyone else should have disabled. This, obviously, amounts to Mozilla screwing up and then gaining an unfair advantage over its users through the screw-up…

Further, this work-around can take up to six (!) hours to take effect, without an additional workaround (specifically, manual manipulation of the “app.normandy.run_interval_seconds” key). Mozilla’s stance: Wait, without attempting further work-arounds. Depending on timing, however, six hours can amount to an entire day lost, including for some who need the Internet extensively for professional reasons.

Further, it is not even available on all Firefox instances, including those that use or are based upon the ESR*.

*An older version with long-term support that is suitable for those in need of greater stability and/or who develop offshoot browsers, e.g. the Tor Browser.

Further, some users who believe that it should work in their browsers report that it does not. (I have not kept tabs on the details and could be wrong, but I am under the impression that some of them were on the latest version—and, thus, correct in this estimate. There are some murmurings about some other key that might need to be manipulated, but, again, I have not kept tabs on the details.)

From a Tor-Browser perspective, there is an additional* complication through NoScript being used by the Tor Browser internally to implement some security features. The disabling of NoScript implies e.g. that the “security slider” will be highly misleading or malfunctioning. As some mention, such errors could cost someone his freedom or even life…** This, obviously, points to issues with the Tor Browser, including that it has chosen a dangerous path to implement security (dependent on the efforts of third parties) and that it has failed*** to protect itself against the risk of this type of deactivation.

*Which I had not realized when writing the first text, but which is clear from the page I linked to.

**Tor Browser is used by many dissidents in hostile regimes—not just regular surfers who value anonymity.

***In my understanding, such a protection and a protection mechanism is already present for some other plug-ins that come installed with the default Tor Browser, including “HTTPS Everywhere”. Correspondingly, an awareness of the possibility must have been present.

A few days ago, my Firefox* suddenly claimed that the NoScript-plugin had been deactivated—and left me no means to reactivate it. There was precious little to be found on the topic on the Internet (at the time, cf. below), but I did find the tip that setting the “xpinstall.signatures.required” key to “false” might solve the problem. It did—but at an increased security risk** and after I had wasted a fair amount of time.

*The modified Tor Browser to be specific; however, the problems all originate in or surrounding the vanilla Firefox. Indeed, in the vanilla Firefox I might have been worse off, because the discussed key might not function…

**This key relates to signing and verification of plugins. Setting it to false could allow the installation of malware-plugins.
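
A defensive follow-up to the workarounds described above, as an added example that is not from the original post or from Mozilla: a small Python audit that reads a profile's prefs.js and user.js and reports whether “xpinstall.signatures.required” is still false or “app.normandy.run_interval_seconds” is still hand-set. The function names and the sample preference lines are constructed for illustration.

```python
"""Audit Firefox profile preferences for leftovers of the add-on signing workarounds."""
import re
import sys
from pathlib import Path

# Preference files hold one setting per line: user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

# Constructed sample input (not taken from a real profile).
SAMPLE_PREFS_JS = '''\
// Mozilla User Preferences
user_pref("app.normandy.run_interval_seconds", 60);
user_pref("browser.startup.homepage", "about:blank");
user_pref("xpinstall.signatures.required", false);
'''
SAMPLE_USER_JS = 'user_pref("xpinstall.signatures.required", true);\n'


def parse_prefs(text):
    """Return {name: value} for every user_pref() line; later lines win."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_LINE.match(line)
        if not match:
            continue  # comments, blank lines, anything that is not user_pref()
        name, raw = match.groups()
        if raw in ("true", "false"):
            prefs[name] = (raw == "true")
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
        else:
            prefs[name] = raw  # unknown literal, kept as written
    return prefs


def effective_prefs(prefs_js_text, user_js_text=""):
    """user.js is applied on top of prefs.js at startup, so it wins on conflict."""
    merged = parse_prefs(prefs_js_text)
    merged.update(parse_prefs(user_js_text))
    return merged


def audit(prefs):
    """Return (name, value, reason) tuples for the two keys named in the text."""
    findings = []
    # Only an explicit false disables signature checks; an absent key is fine.
    if prefs.get("xpinstall.signatures.required") is False:
        findings.append((
            "xpinstall.signatures.required", False,
            "add-on signature verification is off; unsigned add-ons can be installed",
        ))
    # prefs.js normally lists only values that differ from the default, so
    # the mere presence of this key means the interval was changed by hand.
    if "app.normandy.run_interval_seconds" in prefs:
        findings.append((
            "app.normandy.run_interval_seconds",
            prefs["app.normandy.run_interval_seconds"],
            "polling interval was set by hand; reset it once the fix has arrived",
        ))
    return findings


def audit_profile(profile_dir):
    """Audit one profile directory; a missing file counts as empty."""
    profile = Path(profile_dir)
    texts = []
    for name in ("prefs.js", "user.js"):
        path = profile / name
        if path.is_file():
            texts.append(path.read_text(encoding="utf-8", errors="replace"))
        else:
            texts.append("")
    return audit(effective_prefs(*texts))


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage: python audit_prefs.py /path/to/profile [more profiles ...]
        results = {p: audit_profile(p) for p in sys.argv[1:]}
    else:
        results = {"<constructed sample>": audit(effective_prefs(SAMPLE_PREFS_JS))}
    for where, findings in results.items():
        if not findings:
            print(f"{where}: no leftover workaround settings")
        for name, value, reason in findings:
            print(f"{where}: {name} = {value!r}: {reason}")
```

Run it with the browser closed, because Firefox rewrites prefs.js on exit and would overwrite a manual correction made while it is running.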

Today, it happened again in another browser installation*. Going back on the Internet to re-find the key to change, I found many more relevant seeming hits, e.g. [1] and links on that page. Apparently, the Firefox developers have screwed up severely, causing perfectly legitimate, signed, and previously verified plugins to be marked as non-verifiable during the last few days… (I have not looked into the exact details.)

*I have several different installations for different purposes.

However, this screw-up is not the main problem here (bad, yes; but not the end of the world—shit happens). Far more problematic—and further proof of a user-despising attitude:

The plugin was deactivated without querying the user. Correct behavior would be to inform the user and request his decision as to what should be done with the plugin.

There was no non-trivial and well-documented way to re-activate the plugin. However, such a way should have been present, e.g. through a “re-activate” button in the plugin view—if need be, with a big warning sign and a “Are you really sure?” query.

An already installed plugin, which was previously deemed safe, was de-activated without the plugin itself having changed. Normally, such judgment should only be passed during the original installation.* On the outside, it might be sensible to allow a manual override by the developers due to new information, e.g. in that something that was previously considered secure and friendly has since proved dangerous or hostile. This could take the shape of e.g. (depending on the feature/software/whatnot under discussion) a manual key revocation or a manual blacklisting.

*For this type of check. Other checks, e.g. virus scans, might legitimately allow for later re-evaluation. There might also be other types of files, installations, programs, whatnot that might legitimately be treated differently (but no obvious example occurs to me, off the top of my head).

The deactivations took place during on-going browser sessions and (at least, the first time) the notification of deactivation was belated: The first sign that something was wrong was that pages behaved differently than they should; the notification came a little later. This opens security and other risks; e.g. with NoScript,* that the user visits an untrusted or unknown site believing that JavaScript is off, while it actually is on—which is a much, much greater security risk than that posed by an already installed plugin. To boot, NoScript comes with quite a few security protections other than JavaScript on/off, e.g. relating to “click jacking”—these, too, are disabled with the plugin.

*It is hard to give general examples, because the exact consequences vary from plugin to plugin.

This could only happen because Firefox makes connections behind the user’s back, giving him no say and no transparency. (In particular, I have my browsers set to manual updates only. If this had been a side-effect of a user-allowed security update, it would have been a little less problematic.) No application, browser or other, should make such connections without having informed the user and having received his permission. This for a number of reasons, including the principle of having the user in control, the risks to the user’s privacy, the added amount of data (which can still be an issue on e.g. a smart-phone), the possibility that the application misbehaves or malfunctions when no Internet connection is present, ditto when a company goes bankrupt/turns off a server/is blocked by an ISP, …

(Unfortunately, very many other software-makers also do make such connections.)

Preamble: The below, minus an excursion, was written some days after [1], and was intended to round out the discussions in that series of texts. Unfortunately, various delivery issues ensued, resulting in another text series. A considerable delay in finishing and publishing resulted from related and unforeseen “real world” efforts and the time for these additional texts. The below is a polishing of the state at the time of the interruption, possibly without some sub-topics that I had not yet included (I do not remember my intentions), and with the section on advertising et al. well short of the intended scope. Relative time references are still based on the original time of writing—not the time of polishing and publishing.

There is an enormous amount to write around the topic of eCommerce—most of it negative, including poor web-design, a customer-despising attitude, and absolute amateurishness. While I will try not to do this writing, I have a few observations to conclude my recent discussions:

These issues do not just cause problems for the customers. On the contrary, there is a significant loss of business involved for those who have too slow or buggy websites, do not provide reasonable payment methods, try to dictate too one-sided terms, …* This in form both of customers who interrupt their (own) attempted purchases or product searches and of negative “word of mouth”.

*I am tempted to explicitly mention deliveries here, especially in light of my experiences between draft and polish. See an excursion below, however.

Note that this applies not just to problems with no upside, e.g. a slow website; it equally includes those with a purpose, e.g. attempts to reduce non-payment for delivered goods. Whether the latter, as a specific example, outweighs the lost custom will depend on the individual circumstances; however, I do have a strong impression* that the aspect of loss and the opportunity cost of these attempts are not considered sufficiently. Moreover, when the attempts are too poorly implemented, the loss will very often be greater than the gain. (For instance, to let a customer find his products, put them in his shopping cart, add an account, enter all address-and-whatnot information, and only then to tell him “no, you look like a risky customer—advance payment only” or even “[…]—take a hike”, will risk considerable ill will.)

*Based not only on my own experiences as a customer and what I have read, but also from inside knowledge from working at e.g. an online auction-house and an “ePayment” service.

As usual, those not in the naive mainstream are hit worse than others, e.g. in that many websites offer PayPal and see their job as done at that point—but, considering PayPal’s track-record and reputation, many informed users will deliberately not have a PayPal account.

Buying online is often more effort* than buying in stores—and much more likely to fail**. This is quite contrary to the original claims around eCommerce as a great time saver and convenience. Factor in the offline advantages of being able to investigate an item in person*** and having immediate possession after the purchase,**** and offline is often the better bet. Online can still score through a larger selection or better prices, but this is rarely enough.

*Including e.g. the need to enter considerable amounts of information or create accounts even for a one-time purchase. Queuing and travel can still result in even larger time waste; however, these can be avoided by at least city people by going to the store when in the area for other reasons and choosing the appropriate time of day.

**E.g. through errors around payment methods.

***Most notably with clothes and similar, but the range of products where this is an advantage is enormous. Consider e.g. test-typing on a keyboard before buying it, reading a chapter from a book, checking how something fits in the hand, looking at a decoration in real life (not just a photo of it), etc.

****Note that this is not just a matter of a delivery delay through an online order. Other factors include the risks of non-delivery, of delivery of faulty items, and of not having the items delivered to one’s home—just to the local post office, DHL subsidiary, or whatnot. (An exception to this disadvantage is, obviously, when the goods would be delivered even when bought in a store, which might be the case for e.g. furniture.)

In the past, eCommerce might have had the considerable advantage of easier price comparisons (with the competition); today, most people have smart-phones and can compare prices even when in a physical store.

Paradoxically, eCommerce was better in the past—through better websites, a less degenerated attitude towards the customers, and greater ease of payment. I note e.g. that twenty years ago I could easily* pay with a credit card online—today, it is a fifty–fifty proposition. Indeed, back then, eCommerce was the sole reason that I even had a credit card… (Note that credit-card acceptance was very rare in physical German stores back then, and is still unimpressive by e.g. U.S. standards.)

*To the point that it was too easy. I can recall my first few credit card payments, where I entered my credit-card number and a faulty “valid to”—and still saw my order processed correctly. (I had no idea what “valid to” was, guessed incorrectly that it was some upper limit on the individual payment set by the customer, and entered a value of the current or following month—and because no-one complained, I did not research the topic further.) The institution of 3D-secure, however, is too much—the immense increase in effort needed and the many technical failures are not in proportion to the gains.

The commercialization of the Internet has made it much harder to get information on certain topics, because search listings that once were dominated by pages intending to inform are now dominated by pages intending to sell. With a bit of luck, one of the first links will be to the corresponding Wikipedia entry, but Wikipedia will not include e.g. forum discussions, will not always cover a topic with enough depth, and will rarely have information on individual products.

For instance, I just made a “startpage” search for “coffee maker”.* The first link is to Target, the second to Amazon, and the third to a review** site. The rest have a similar proportion of sellers and reviewers. Wikipedia is not present and neither is, for instance, the highly informative home page of a private coffee enthusiast***.

*For purposes of demonstration. In a real search, I would almost certainly, depending on my intentions, have gone directly to Wikipedia or added some further search terms (e.g. “principle of function” or “forum discussion”).

**See below for more on review sites.

***I cannot guarantee that such a page exists, but it does seem highly likely. There have definitely been other searches where I have found corresponding pages in the past.

Another manifestation of the commercialization is how the web is drowning in comparison sites. In theory, these might be a good thing; however, in reality, most are near useless and the sheer number takes space away from more valuable sites—do we really need 1001 different sites to tell us what coffee maker to buy?

Common problems include rankings that are bought; a too large focus on the best-selling brands/models/whatnot;* descriptions that read like advertising material (and might sometimes be provided by the manufacturer…); too little information and too much focus on making it easy for the visitor to buy the product;** and product details that are only available through a link to another website (e.g. the manufacturer’s or Amazon’s). In a twist, other comparison sites appear to want to prevent the reader from reaching the manufacturer’s site,*** by not linking there at all (or only in well-hidden places) and by providing lower-value own information (e.g. in that a link on “Braun” does not lead to Braun’s homepage, only to a local page with a profile of Braun).

*With the side-effects that smaller brands see their chances diminished and that customers miss the opportunity to find superior products out of the mainstream.

**There is nothing wrong with earning provisions, but the blatant manner some sites go about it is inexcusable. To boot, this gives incentives both to not write negative things even about poor products and to focus on more expensive products. More generally, the wish for provisions leads to a large number of suboptimal links from the visitor’s point of view, e.g. in that many blogs that mention a book do not link to a Wikipedia entry on the book, the author’s homepage, or similar—instead they link to Amazon…

***If the user leaves to the “wrong” website, he might end up buying somewhere where the comparison site does not receive a provision…

A third is the excessive amounts of advertising of various kinds, including so intrusive adverts that surfers install ad blockers, search and review results that are bought, and, of course, spam.

Excursion on merchants and poor deliveries:
While poor deliveries hurt the customers the most, the merchants are not impervious to negative effects, e.g. through canceled orders and negative word-of-mouth. The major hitch on their end is that there is little that they can do in most cases, because the delivery service is to blame. If the delivery service screws up, what can the merchant do? In the end, the sole realistic recourse might be to switch delivery service—which will often amount to replacing the one cheating/negligent/incompetent/whatnot partner with another… To boot, while research can help with ruling out the worst-of-the-worst (notably, DHL), it will not necessarily give helpful information, because the problems often vary from area to area and time to time, often down to the level of the individual employee or sub-contractor, and do so both on the sender’s and the recipient’s end. The merchant can now see scenarios where deliveries to Cologne work well and those to Düsseldorf do not, or where deliveries to Cologne worked well last year and are a horror show this year.

That said, the merchant should try to minimize the risks and complications as far as possible, even if it makes deliveries a bit more expensive. This most notably through not splitting a single order into multiple deliveries “for logistic reasons”, unless the customer has explicitly* allowed it.

*As in e.g. “please do split the deliveries so that the projected delay of two weeks for item A does not delay item B, too”—but not as in e.g. implicit-consent-through-fine-print.

As a further follow-up to recent writings ([1], [2], [3]) I have to categorically advise to stay away from Cyberport. What has transpired here is so Kafkaesque as to stretch the believable.

I placed my order on the 26th March, received an email request for choice of alternate payment methods on the 27th, and immediately replied. After having received no reaction by the 29th, I sent a reminder and additionally set a deadline for the 1st of April. On the 1st, I received an email incorrectly claiming that I had not replied to the request from the 27th, with no indication that my reminder from the 29th would be known either. I immediately replied, quoting my previous emails and requested an immediate resolution.

Today (i.e. the 2nd), I received what amounts to the same email again—and again with no acknowledgment of any of my replies and reminders.

I note that I have had no email problems on my end, including no error messages, no bounces, no indications that other recipients would not receive their emails, …, and must conclude that Cyberport has a severe email problem on its end, is unable to perform even the most basic customer service actions, and/or is deliberately* doing something inexcusable.

*I tend to apply Hanlon’s Razor, but it is noteworthy that the 1st of April is involved. Combine this with an individual employee with an inexcusable attitude, and it is not impossible.

I have now unambiguously rescinded my order.

Excursion on computers:
In parallel, I have looked for alternative providers. Apart from the problems of finding OS-free computers and an online store with reasonable payment options, I am puzzled by the current price and “bang for the buck” levels. It has been quite some time since I last followed price developments, but there does not appear to be a significant price advantage for desktop computers anymore (despite the savings on the display, keyboard, whatnot, and from the lesser need to keep things small). Very many systems sell for absolutely astronomical prices*, probably because the desktop market has been skewed towards very high-end gaming computers. The cheaper systems, on the other hand, have considerably worse** specifications than I would have expected from the standards and trends from, say, five years back (when I was much more up-to-date).

*Often upwards of two thousand Euro, quite often upwards of one thousand Euro—are we back in the 1990s?

**Many systems have dual-cores below 3 GHz. None of the cheaper systems (and far from all of the more expensive) have 16 GB of RAM, many fail to have even 8 GB, and I have even seen some with a measly 2 (!) GB. As a comparison, my 2012 desktop had 2 GB, and was not a very expensive one. By Moore’s Law, I would have expected 16 and 32 GB to dominate even among the lower end systems.

Excursion on shelves:
After Bauhaus’ failure, I visited some other websites, and found that of competitor Hornbach to be much more user-friendly. It, too, suffers from excessive reloading, but is so much faster that this is acceptable (but still not ideal). I have replaced my Bauhaus order with a roughly equivalent one from Hornbach. (The payment options were similarly weak; however, I decided to risk prepayment, seeing that Hornbach, unlike e.g. Cyberport, is well-known, “brick and mortar”, and has a history that goes back decades.)

I have now received an email answer from Bauhaus to my request for a solution to enable the purchase despite the technical problems caused by Bauhaus. This answer is depressing and shows a complete disregard for customer interests, leaving me with a grand-total of possibly two hours* of time wasted with nothing to show for it—and, yes, I was too optimistic in ascribing the behavior to an unintended technical problem.

*Including the phase two weeks ago described in [1], but not including the time spent writing texts. The single order that failed might have taken around an hour, including browsing the catalog and working with the abysmally slow website.

I will certainly never use Bauhaus again, not even the physical stores, unless it backs down from this customer-hostile stance. Factoring in the extreme slowness of the website, I can only encourage others to avoid it. I note that Bauhaus’ website has by now cost it the chance at orders over thousands of Euro of products and services (most of it relating to events in [1] prior to the current order). The issue is the more annoying, because I basically had already decided against using Bauhaus for any of the intended orders (cf. [1])—I made the mistake of still ordering the shelves from Bauhaus and was immediately burnt.

To quote pertinent parts*:

*A few minor manual corrections were necessary after copy-and-paste, since Bauhaus appears to have used non-standard characters or encoding. Reservations for undetected problems caused by this.

For every order, an automatic customary-in-the-trade (“handelsübliche”) check of address-and [hyphen present in original] order data is made, on which we have no influence

The offered payment methods depend on different factors.

Depending on the value of the goods, size and weight of the article and the category of the article, the online-shop gives you a selection of payment types.

We reserve the right to, after this check, remove specific payment types from the order transaction (“Bestellvorgang”).

This might have been acceptable in principle, had the payment options not already been offered. Filtering out the options before the user makes a choice could be OK, but doing so after he has already started choosing, and then choosing based on faulty premises, is inexcusable. To boot, there was no prior information that this might take place and no obvious means to make a preliminary check—to avoid spending all that time waiting on and searching on the uselessly slow website.

Further, either I was filtered out based on flawed criteria* or a very large proportion of the users will meet similar problems. I note that while some type of credit or similar check is not unusual, it is usually very explicit** and to speak of “customary” (“[handels]üblich”) for whatever checks Bauhaus used is extremely dubious.

*My credit rating should be flawless and not an obstacle. I also do not recall having given an authorization to perform a credit check, implying that this would boil down to me living in the wrong place (“address”)—if so, intolerable. The order value was small (possibly, around 150 Euro) and would not be a legitimate cause for concern. The size and weight might have been well above average, but there is no obvious legitimate reason as to why this should have affected the payment methods. Further, both the value and size/weight were known before showing payment methods, and (for what should be a strictly internal check) it cannot be justified to not make the corresponding check in advance.

**E.g. in the form of a request to do a credit check or, for invoicing, a request to send data to a separate service, e.g. Klarna. I note that doing such a check without my consent would involve an illegal use of my data.

Also note that there was no indication of any connection to a check made in the messages displayed, including no mention of credit rating, size, weight, whatnot having had an impact. On the contrary, the impression of a Bauhaus-wide restriction for everyone is created. This gross miscommunication is a further time waster.

As for the Cyberport issue discussed in the same text: Cyberport had per email requested that I state my preferred other payment options. I did so on the 27th (same day) and requested further instructions, due to the vagueness of the request. I am still waiting on a reaction from Cyberport. (But note that a lack of reaction within, at the time of writing, 46 hours need not indicate a major problem. It still compounds the delay, however. Even if Cyberport eventually honors my order, it will arrive at least three times later than originally indicated.)

Sometimes, I feel like tearing my hair out—fortunately, what little is left is cut too short to get a good grip…

Prior to and after writing the previous installment ([1]), I tried to use the German Bauhaus for some major purchases for and/or some works on my apartment, having made good experiences as a minor customer in the physical stores. This included replacing my (awful) current kitchen.

For this purpose, about two weeks ago, I brought home a 1500-page catalog, which I assumed would be extremely helpful in preliminary planning, both with regard to what I wanted to do/buy and whether Bauhaus was a suitable partner for the task. This turned out not to be the case, because (a) large parts of my interests were not covered sufficiently (including that much of the kitchen products that they do have were not present), (b) almost all products that I checked (and actually found…) lacked a price. Instead of a price, there was a lowest-price guarantee—if I found the same product cheaper somewhere else, Bauhaus would give me an even better price. But what help is that when planning?!? When it comes to areas like furniture, household appliances, and whatnots, prices between products in the same category can easily vary by a factor of ten, with a much smaller variation in quality. For my purposes, a current-price-with-reservations-for-changes would have been much more helpful than a lowest-price guarantee. I suspect that the same applies to most other customers, who will not decide on a certain product (“it’s just diviiine”) and then compare prices.* Instead they will look at products of a certain type and compare them—with price, itself, being one of the most important criteria.

*There might be some few that do decide before knowing the price, e.g. because they are very rich or lack price consciousness. But: Are those very likely to compare prices or look for lowest-price guarantees? They might not care about the missing price, but they have little benefit from the price guarantee either.

I tried to compensate for this by also looking at the associated website—slow as molasses, dependent on JavaScript, and guilty of the filter-change-causes-reload issue discussed in [1]. It was so horrible that I gave up and decided to use Bauhaus only as a fallback for the major buys/works, in case the many competitors did not work out.

Early this morning, I spent some time browsing the catalog, just in case, and decided that I could at least use Bauhaus to order some shelves (prices were usually present…), and I went to the website to look in detail at what was present and what matched my intended measurements. Here the many search criteria (including dimensions and material) really came in handy. The speed remained agonizingly low, however, mostly due to the filter-change-causes-reload issue,* and interesting products often turned out not to be currently available or not available in the online store… I was sorely tempted to just give up; but decided to push through, seeing that I had postponed the shelves for close to a year already.

*Cf. [1] where this was less serious due to the very limited number of criteria. Here a greater number of criteria were present, I wanted to apply several of them and had to wait again and again: Max width—reload. Min width—reload. Min height—reload. Max price—reload. More specific product type—reload. Reduce to a certain brand—reload. Try another brand—reload twice. (Once to deselect the first brand; once to select the next.) Etc. Note that the great number of products made the alternative to filtering an even slower manual check of hundreds of items.

I made my choices, entered all my data, proceeded to pay, and … payment turned out to be impossible! I first tried my credit card, ran straight into 3D-Secure* hell, and opted to go back to try something else. Lastschrift* was offered, I clicked on the corresponding button, and was immediately met with a message to the effect that “we cannot offer this payment method at this particular time”. Odd: Two seconds ago, you claimed that you could! Next attempt: Invoice. I clicked on the button—and was met by the same absurd message! I tried to go back for something else, but found nothing that was usable. (I do not recall the exact options, but one was “gift card”, which is useless for someone who does not already have a gift card**…)

*See below discussion for more information on some payment methods.

**To which can be added that gift cards make lousy gifts: Never buy them, never use them as gifts. (I know that I have written something on this before, but I cannot find it on short notice. The gist: Gift cards lock money up to the advantage of the merchant. The customer is better off with regular money.)

To boot, these messages are hard to explain technically: There might be some odd case where a payment with Lastschrift is not possible, because a service provider somewhere has a technical issue; however, this should be very rare and would require a more reasonable error message. For invoice*, on the other hand, there is no excuse that could reasonably apply, short of an internal problem that made more-or-less any purchase impossible—which should then be explained well in advance.

*Yes, there are some sites that use an external provider to check the credit-worthiness of the customer before allowing invoice purchases. No, this is not a valid excuse—if this had been the case, Bauhaus should have accepted the (small) extra risk, rather than refusing the customer. To boot, most setups would likely have this check and Lastschrift independent of each other, which reduces the risk of a simultaneous error considerably.

This evening, I came home to find that Cyberport (cf. [1]) had refused to accept “invoice” as means of payment—after the fact and without voicing any type of complaint at the time of my original order.

To boot, there was no good information on how to proceed, just a list of alternate payment methods, most of which are problematic or out of the question entirely (and which well illustrate the problems with online payments):

Nachnahme (roughly, cash on delivery): Comes with a 6.90 Euro surcharge*. This is payable by the recipient of the package, although the sender is the beneficiary. The sole benefit for the customer is that he can be assured to have received his package at the time of payment, but, unlike e.g. invoice/credit-card/Lastschrift (cf. below) he has no additional recourse if the contents of the package are faulty.

*If using DHL at the time of writing, according to official information. Other providers might have different fees; and fees change over time.

To boot, this applies per package and is outside the control of the recipient: If the sender decides to split an order into more than one package, the recipient has to pay this fee multiple times.

As an aside, there are legal restrictions to the degree a merchant can enforce fees on means of payment towards the customer. Whether these apply to Nachnahme is, unfortunately and in my understanding, untested—and without a legal block, the customer is still stuck with paying the fee that by rights should be paid by the merchant.

Credit card: This used to be a wonderful means of payment. Today, there is a considerable risk that 3D-Secure* (or a similar mechanism) is used, which leads to a very high error rate and/or requires additional technology (e.g. a smart-phone), and increases effort considerably to boot. (See parts of [2] for why 3D-Secure is a negative for the customer and brings benefits only to other parties.)

*I am still waiting for feedback as to whether Cyberport uses 3D-Secure.

PayPal: Apart from the extra effort to create an account and whatever might apply, I have heard so many* stories of abysmal customer treatment or even outright fraud** from PayPal that I would not even consider opening an account there.

*I used to work for a competitor of PayPal’s. During this time, I read a fair bit about the competition and heard quite a few “trade” stories. There are entire websites dedicated to this topic.

**In the characterization by the customer. I have not investigated the actual intent behind the events, but the mere fact that customers are led to such characterizations points to business methods that are, at best, negligent of the customer’s rights and interests.

(I am uncertain what rights the customer has when having paid for undelivered or faulty merchandise. If these rights are weak, this is an additional issue.)

Sofortüberweisung: An idiotic, unethical, and by rights illegal* “service”, which forces the customer to hand log-in information to his online banking to a third party**—in gross violation of both common sense and the typical terms and conditions* of the bank. I would never, ever, resort to this absurdity.

*In my understanding, a very regrettable law change has made this type of approach legal and required banks to change their terms and conditions to allow it. The motivation (IIRC) was something along the lines of allowing competition—the rights of the customer were not mentioned with one word. Much better would have been to crack down heavily on such abuse and to make clear that an account (be it bank, computer, service, …) holder must never be forced to give out such information.

**Who then logs in to his banking, transfers money, and tells the merchant that the transfer was successful.

(I am uncertain what rights the customer has when having paid for undelivered or faulty merchandise. If these rights are weak, this is an additional issue.)

Vorauskasse (advance payment): Because the customer pays in advance, he has no protection against fraud and he is left to the whims of the merchant in case of problems.

I have used it myself and got burnt by Beyer. I would only use it again if I trusted the merchant—never for a first buy, as with Cyberport.

Giropay: A means of payment provided by the banks that provides a similar functionality to Sofortüberweisung, but does so in a manner that respects the user’s rights, does not drastically reduce security, and is compatible with the interests of the bank. (In fairness, there have been some concerns about sharing of non-login data, e.g. addresses, with the service provider in a non-transparent manner.)

A decent protection of the customer is (IIRC) present in the case of undelivered or faulty merchandise, but I am vague on the details.

I would be willing to use this, but have so far never had the opportunity, and I cannot vouch that it usually works technically.

What is not on the list is what non-negotiably should be present—the German gold-standard of payments: Lastschrift.*

*This allows the merchant to transfer the amount in question directly from the customer’s bank account, while the customer has the right to cancel incorrect transfers after the fact. The result is quite close to a credit card without having to have a credit card. (But without an actual credit, obviously.) While it might sound dangerous at first glance, it actually works quite well.

Since I have spent (and intend to continue to spend) a lot less time traveling, I have just ordered a desktop computer to get more comfort over my laptop.

This provided several good illustrations of how poorly thought-through many web-shops are.

For instance,* during the actual order stage, I found that copying my VAT-identification into the corresponding field led to an unspecified error—allegedly, something was wrong, but no word was given as to what. A bit of experimentation revealed that because I had not typed the VAT, the field did not recognize that an entry was present… This is idiotic on at least three counts: Firstly, this is the type of information that should be copied as a matter of course, to reduce the risk of accidental errors (and work needed). Secondly, a good developer would not have let himself be fooled by something like that.** Thirdly, a reasonable error message should have been given, e.g. that a mandatory field was empty. This would have made the error search much faster and would have avoided red herrings like a syntax error or an accidental copying of the wrong value (or an incomplete copying of the correct value). The error message displayed also showed the design error of appearing (only) at the top of the page, instead of next to the field. This was especially bad because the top of the page was not visible without scrolling when the field was visible… (However, at least the field was actually marked red, so that the user knew to search for an error message—I have seen even this be left out on some other sites.)

**Most likely, a heuristic was used that “if the user has typed something, the field is not empty”. This is highly naive and the (easy) check whether the field actually was empty would be much better.
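The difference between the guessed keystroke heuristic and a check of the actual field value, as an added example that is not the shop's code: the field model, the function names, the messages and the assumed ID format ("DE" plus nine digits) are all constructed for illustration.

```javascript
// Constructed model of a form field (no DOM needed): the value the browser
// would submit, plus the flag a keystroke-based heuristic would maintain.
function makeField(name) {
  return { name, value: "", sawKeystroke: false };
}

// Typing fires key events, so a keystroke listener sets its flag.
function typeInto(field, text) {
  field.value += text;
  field.sawKeystroke = true;
}

// Pasting from the context menu changes the value without any key event.
function pasteInto(field, text) {
  field.value += text;
}

// Flawed check (the heuristic guessed at in the text): "typed" means "filled".
function heuristicCheck(field) {
  return field.sawKeystroke
    ? { ok: true, field: field.name, message: "" }
    : { ok: false, field: field.name, message: "An error occurred." };
}

// Value-based check: inspect what would actually be submitted and report
// a distinct, field-level message for each kind of failure.
// Assumed format (hypothetical for this shop): "DE" followed by nine digits.
function validateVatId(field) {
  const normalized = field.value.replace(/\s+/g, "").toUpperCase();
  if (normalized === "") {
    return { ok: false, field: field.name, message: "VAT ID is required." };
  }
  if (!/^DE[0-9]{9}$/.test(normalized)) {
    const message = "VAT ID must be 'DE' followed by nine digits.";
    return { ok: false, field: field.name, message };
  }
  return { ok: true, field: field.name, message: "", normalized };
}

// Constructed sample input: a pasted ID with stray copy-and-paste whitespace.
const pasted = makeField("vatId");
pasteInto(pasted, " DE 123456789\n");
console.log("heuristic:", heuristicCheck(pasted));
console.log("value check:", validateVatId(pasted));
```

The same value-based check has to be repeated on the server, since anything validated only in the browser can be bypassed.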

Similarly, there was one of those idiotic* “please re-type your email address” fields. Of course, I just grabbed the original entry and pasted it—and nothing happened. Apparently, instead of realizing that this type of field is an idiocy, the designer had decided to block copy actions to force a re-type. To boot, this was done without any discernible error or warning message.

*Email addresses, too, are best copied from a fixed source—not typed. If it is copied, there is no risk of a mistype and the “re-type” field is a pointless time-waster. Most non-copiers will likely rely on auto-complete, which will almost always either give the correct result or the wrong result twice. Again the “re-type” field is a pointless time-waster. For those who do type, the clear majority can be expected to either type and double-check sufficiently carefully that the address is correct in the first field, while those who do commit an error will usually do so due to a memory error, which will usually be repeated in the “re-type” field… Again, this field is a pointless time-waster. (A better approach could be to e.g. put a warning text next to the first field, to indicate the communication problems that could ensue if the address is mistyped and “please double-check it”.)

Earlier, I had visited a number of category pages from one of Germany’s most popular physical electronic stores.* This with an eye on looking for other things that might be interesting, the store(s) having a very wide selection of products, be it on- or off-line. Not only did I have to jump through hoops to get to these pages,** but once there, they were all empty… Whether this was due to an internal error or an unprofessional reliance on e.g. Google***, I do not know. What I do know is that I wasted a fair amount of time, bought nothing, and definitely will not return in a hurry.

**There were usually several clicks and a lot of scrolling needed (instead of the one click that should have been needed), because the original links did not lead to the category pages—but to information pages that contained a link to the real category page somewhere towards the bottom.

***Google (and a few other companies) provide extensive APIs that can facilitate web-development. For an online store, it should be a given that these are installed locally. However, some developers fail to do so, and instead rely on versions running on Google’s (or whoever’s) servers. This brings problems both with reliability and user privacy, and I have blocked some of these servers to protect myself from privacy violations.

The search criteria in several stores were abysmal*, missing even basics like the ability to filter computers based on e.g. OS (specifically, no** OS), amount of RAM, and similar. Typical sets of criteria were brand (rarely interesting***) and price (interesting, but not enough) and possibly something else of lesser import (e.g. whether shipping could take place now or only in two days’ time). This resulted in result lists of dozens to hundreds of entries that had to be manually filtered. (With the effect that I looked through the first one or two pages, foregoing the many entries on later pages entirely…)

**As a Linux user, I do not want to pay extra for a Windows installation that I am just going to remove later. Of course, even among those content with a pre-installed OS, the question of which OS is often quite important. As an aside, the proportion of computers that still come with a pre-installed Windows is depressing—the year is 2019, not 1999, and it should be a given that a Windows installation is optional.

***While some might have a brand preference, it is usually far more important what characteristics the computer has, and in those rare cases where someone is justified in looking at the brand first, he would be better off going directly to the manufacturer website (for research, if not for the actual purchase; of course, after research, he could just search by product number and would never need the brand). A possible exception is a means to exclude some brand; however, this was never present. (Except by selecting all brands, and then de-selecting the one—with possibly disastrous time waste as the result. Cf. immediately below.)

A particular annoyance was the slowness that came through attempts to be interactive—confirming my observation that the more interactive and “helpful” a website tries to be, the slower and less helpful it tends to become. Notably, changing any filter setting leads to an automatic re-load, which implies a re-search or re-filtering server-side, which implies a considerable delay until the page is available again. However, it is rarely the case that the user only wants to change one filter setting,* and it would usually** be better to have him toggle the reload manually after making all changes. Consider e.g. prices on http://www.cyberport.de: Per default, they ranged from a few tens of Euros*** to many thousands. Naturally, I wanted to trim both values to, respectively, ensure that I got something actually usable and did not pay a fortune for something I did not need. However, to trim the range to e.g. 200–500 Euro, I had to change two filter settings. Both caused a reload with a significant loss of time.****

*Unless, obviously, the number of settings is too limited to begin with…

**One exception is when the one choice alters what other choices are available. This was not the case on these websites, however. (And when it is, it is usually better to pre-load such alterations in a manner that allows a client-side change of filter options without reloading the actual results from the server.)

***Presumably, either non-computers misleadingly put in the computer category or extreme mini-computers (Raspberry PIs or similar).

****To boot, the settings were not even input fields, but some type of weird bar, where the user had to move the ends of the bar until approximately the intended values appeared.

Excursion on email:
While a bit off topic, I note that Cyberport provided yet another example of the grossly unethical practice of not having a means to provide an email address without also consenting to spam, instead forcing the user to revoke consent at a later time. (Of course, not providing an email address at all is not an option.)